Security Alert

Phishing Attempt – June 14

Friday, June 14, 2019, many UA employees received a phishing email with the subject “Ibra Ndiaye sent you files via WeTransfer” This email is an attempt to steal usernames and passwords.

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

June 12 – Phishing Email

Wednesday, June 12, 2019, many UA employees received a phishing email with the subject “Web-sikkerhedssupport” This email is an email scam that posed as OIT Security and encouraged employees to update payment information in myBama.

Emails like these are phishing attempts designed to steal credentials and sensitive information. Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

June 3 – Text Scam

Monday, June 3, 2019, many UA students received a phishing text message with the content “You have a balance for summer semester. The Registrar’s office will drop students at noon today. Please pay in the bookstore or set up Nelnet immediately.” This message did not originate from UA or the Registrar’s office, it is a scam.  

The University Registrar does not communicate with students via text message. All official UA messages are delivered via email from @ua.edu email addresses.

If you did receive a text like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

May 16 – Phishing Attempt

Thursday, May 16, 2019 many UA employees received a spam email from the email address hellenwang201610@yahoo.com. The message featured political content, images and several external links. UAPD has been notified of this email. If you did receive it, please delete it.

May 13 – Phishing Attempt

Monday, May 13, 2019, many UA employees received a phishing email with the subject “Re: Payment Approval – Please Review Asap” This email is an email scam.

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Password Change Requests

The OIT security team recently completed an analysis of passwords and other information available online due to the many security breaches that have occurred in the past few years. These breaches include Yahoo, LinkedIn, Tumblr, AntiPublic, and hundreds of others. The analysis indicated that many users’ myBama account password was also used as a password at one of these hundreds of sites and services.

The University of Alabama has not experienced a breach, we have simply noted that many myBama passwords may have been compromised due to use on other websites that have been breached (Yahoo, LinkedIn, etc.). 

If you received an email from OIT, we strongly recommend that you change your myBama password immediately. To change your password, visit mybama.ua.edu and click the change your password link on the right column. We also recommend that you change any other online account that used this password. Remember, you should have a complex and unique password for every online account.

Additionally, if you are not a DUO user, we recommend you activate DUO two-factor authentication to better protect your UA account. DUO provides a second layer of security to your account by requiring two factors to verify identity.

If you have any questions or concerns, please contact the IT Service Desk at itsd@ua.edu.

March 19 – Phishing Alert

Tuesday, March 19, 2019, many UA students received a phishing email with the subject “The University of Alabama:  Immediate Availability Jobs, Employment.” This email did not originate from UA, it is an email scam.

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email. Official UA emails will be delivered from a @ua.edu email address.  

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Feb. 24 – Phishing Alert

Sunday, Feb. 24, 2019, many UA faculty and staff members received a phishing email with the subject “FW: 2019 Payroll Adjustment” This email did not originate from UA, it is an email scam.

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email. Official UA emails will be delivered from a @ua.edu email address.  

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Student Phishing Alert – Job Scams

Thursday, Jan. 31, 2019, many UA students received phishing emails that pose as job opportunities; however, the emails did not originate from UA nor reputable companies, these emails are scams.  

Emails like these are phishing attempts designed to steal credentials such as a myBama username or password.  Remember to notice the red flags of phishing emails. Look at the from email address of the email. Official UA emails will be delivered from a @ua.edu email address, and reputable companies will send emails from their domain name, not from Gmail or Yahoo email addresses.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Jan. 28, 2019 – Phishing Alert

Monday, Jan. 28, 2019, many UA employees received a phishing email from the email jcmezzetti@alaska.edu. The email appeared to be from the IT Help Desk; however, the email did not originate from UA or our office, it is an email scam.  

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.